Internet Explorer Memory Corruption Vulnerability: CVE-2018-8653

A memory corruption vulnerability has been disclosed in the Microsoft Internet explorer. Upon successful exploitation an attacker can achieve remote arbitrary code execution within the context of the current user. CVE-2018-8653 has been assigned to track this vulnerability. Microsoft has addressed this issue via an out of band advisory release . The issue affects IE 9,10,11 on their respective supported Windows OS. Currently this vulnerability is being exploited in the wild.

Please apply the latest patches provided Microsoft to address CVE-2018-8653. If immediate patching is not possible, please consider restricting access to JScript.dll by following the workarounds provided in the MS advisory.

Qualys will release QID: 100350 as soon as possible to detect CVE-2018-8653 vulnerable machines.

Please continue to follow on Qualys Threat Protection for more coverage on vulnerabilities.

CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability

Leave a Reply

Your email address will not be published. Required fields are marked *